| 1 |
include "/etc/rndc.key"; |
| 2 |
|
| 3 |
controls { |
| 4 |
inet 127.0.0.1 port 953 |
| 5 |
allow { 127.0.0.1; } keys { mykey; }; |
| 6 |
}; |
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
logging { |
| 11 |
channel "default" { |
| 12 |
syslog local1; |
| 13 |
severity info; |
| 14 |
}; |
| 15 |
category "default" { "default"; }; |
| 16 |
}; |
| 17 |
|
| 18 |
acl "trusted_networks" { |
| 19 |
127.0.0.1; |
| 20 |
212.85.158.144/28; |
| 21 |
}; |
| 22 |
// Enable statistics at http://127.0.0.1:5380/ |
| 23 |
statistics-channels { |
| 24 |
inet 127.0.0.1 port 5380 allow { 127.0.0.1; }; |
| 25 |
}; |
| 26 |
|
| 27 |
options { |
| 28 |
version ""; |
| 29 |
directory "/var/named"; |
| 30 |
dump-file "/var/tmp/named_dump.db"; |
| 31 |
pid-file "/var/run/named.pid"; |
| 32 |
statistics-file "/var/tmp/named.stats"; |
| 33 |
zone-statistics yes; |
| 34 |
// datasize 256M; |
| 35 |
coresize 100M; |
| 36 |
// fetch-glue no; |
| 37 |
// recursion no; |
| 38 |
// recursive-clients 10000; |
| 39 |
auth-nxdomain yes; |
| 40 |
query-source address * port *; |
| 41 |
listen-on port 53 { any; }; |
| 42 |
cleaning-interval 120; |
| 43 |
transfers-in 20; |
| 44 |
transfers-per-ns 2; |
| 45 |
lame-ttl 0; |
| 46 |
max-ncache-ttl 10800; |
| 47 |
|
| 48 |
// forwarders { first_public_nameserver_ip; second_public_nameserver_ip; }; |
| 49 |
|
| 50 |
// allow-update { none; }; |
| 51 |
// allow-transfer { any; }; |
| 52 |
|
| 53 |
// Prevent DoS attacks by generating bogus zone transfer |
| 54 |
// requests. This will result in slower updates to the |
| 55 |
// slave servers (e.g. they will await the poll interval |
| 56 |
// before checking for updates). |
| 57 |
notify no; |
| 58 |
// notify explicit; |
| 59 |
// also-notify { secondary_name_server }; |
| 60 |
|
| 61 |
// Generate more efficient zone transfers. This will place |
| 62 |
// multiple DNS records in a DNS message, instead of one per |
| 63 |
// DNS message. |
| 64 |
transfer-format many-answers; |
| 65 |
|
| 66 |
// Set the maximum zone transfer time to something more |
| 67 |
// reasonable. In this case, we state that any zone transfer |
| 68 |
// that takes longer than 60 minutes is unlikely to ever |
| 69 |
// complete. WARNING: If you have very large zone files, |
| 70 |
// adjust this to fit your requirements. |
| 71 |
max-transfer-time-in 60; |
| 72 |
|
| 73 |
// We have no dynamic interfaces, so BIND shouldn't need to |
| 74 |
// poll for interface state {UP|DOWN}. |
| 75 |
interface-interval 0; |
| 76 |
|
| 77 |
// Uncoment these to enable IPv6 connections support |
| 78 |
// IPv4 will still work |
| 79 |
// listen-on { none; }; |
| 80 |
// listen-on-v6 { any; }; |
| 81 |
|
| 82 |
// allow-query { trusted_networks; }; |
| 83 |
|
| 84 |
allow-transfer {"none";}; |
| 85 |
|
| 86 |
allow-recursion { trusted_networks; }; |
| 87 |
|
| 88 |
// Deny anything from the bogon networks as |
| 89 |
// detailed in the "bogon" ACL. |
| 90 |
// blackhole { bogon; }; |
| 91 |
}; |
| 92 |
|
| 93 |
zone "." IN { |
| 94 |
type hint; |
| 95 |
file "named.ca"; |
| 96 |
}; |
| 97 |
|
| 98 |
zone "localdomain" IN { |
| 99 |
type master; |
| 100 |
file "master/localdomain.zone"; |
| 101 |
allow-update { none; }; |
| 102 |
}; |
| 103 |
|
| 104 |
zone "localhost" IN { |
| 105 |
type master; |
| 106 |
file "master/localhost.zone"; |
| 107 |
allow-update { none; }; |
| 108 |
}; |
| 109 |
|
| 110 |
zone "0.0.127.in-addr.arpa" IN { |
| 111 |
type master; |
| 112 |
file "reverse/named.local"; |
| 113 |
allow-update { none; }; |
| 114 |
}; |
| 115 |
|
| 116 |
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { |
| 117 |
type master; |
| 118 |
file "reverse/named.ip6.local"; |
| 119 |
allow-update { none; }; |
| 120 |
}; |
| 121 |
|
| 122 |
zone "255.in-addr.arpa" IN { |
| 123 |
type master; |
| 124 |
file "reverse/named.broadcast"; |
| 125 |
allow-update { none; }; |
| 126 |
}; |
| 127 |
|
| 128 |
zone "0.in-addr.arpa" IN { |
| 129 |
type master; |
| 130 |
file "reverse/named.zero"; |
| 131 |
allow-update { none; }; |
| 132 |
}; |
| 133 |
|
Parent Directory
| 
Revision Log